CVE-2026-40223
Published 2026-04-10
CVE-2026-40223: In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running.
Priority: P421, medium, 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.09% (0.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| systemd | systemd | >= 258 < 260 | 260 |
| systemd_project | systemd | >= 258 < 260 | 260 |
CVSS provenance
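| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| vendor_redhat | | 4.7 | MEDIUM | |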
GHSA
GHSA-52rm-r39v-fwv9: In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running
ghsa_unreviewed·2026-04-10
CVE-2026-40223 [MEDIUM] CWE-696 GHSA-52rm-r39v-fwv9: In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running
Red Hat
systemd: systemd: Local unprivileged user can cause Denial of Service
vendor_redhat·2026-04-10·CVSS 4.7
CVE-2026-40223 [MEDIUM] CWE-617 systemd: systemd: Local unprivileged user can cause Denial of Service
A flaw was found in systemd, a core component of Linux operating systems. A local user, without special privileges, can exploit this vulnerability. By manipulating a specific systemd unit configuration where delegation is enabled and the user is not set, the user can trigger an internal error, leading to a Denial of Service (DoS). This means the affected system may become unresponsive or crash, impacting its availability.
Package: NetworkManager (Red Hat Enterprise Linux 10) - Not affected
Package: rpm-ostree (Red Hat Enterprise Linux 10) - Not affected
Package: systemd (Red Hat Enterprise Linux 10) - Not affected
Package: systemd (Red Hat Enterprise Linux 7) - Not affected
Package: NetworkManager (Red Hat Enterpri
No detection rules found.
No public exploits indexed.
Published: 2026-04-10